Index
Summary
Business wire press release “Payment Transaction Fraud Among Key Risks to Business Operations – and Reputation” Published September 27, 2023
88%
Hit by transaction fraud
$150k
Average loss/ incident
659
Companies
Explore illuminating insights from interviews with 659 finance executives featured in the 2023 Ponemon Institute Report. In a groundbreaking market survey conducted in March 2023, Creednz partnered with the renowned Ponemon Institute, helmed by Dr. Larry Ponemon, a former senior partner at PWC and founder of the firm's global compliance risk-management group.
This pioneering research marks a significant milestone, capturing responses from 659 finance executives representing 18 diverse industries across the United States. These executives hail from corporations with average annual revenues in the $400 million range and maintain supply chains averaging 2,800 suppliers.
Traditionally, industry statistics have relied upon aggregate data, such as the FBI Internet Crime Reports (The IC3), which reported a staggering $50 billion in losses from scams like Business Email Compromise between 2013 and 2022. However, these figures lacked granularity, leaving questions unanswered regarding the affected companies and the prevalence of such losses.
Our research revolutionizes this landscape by providing valuable insights for companies to recalibrate their risk focus. By shedding light on the accountability aspects of payment scams, we bridge the gap between finance and cybersecurity departments, revealing how these financial challenges squarely fall within the purview of corporate finance.
Evaluating the Risk of Transaction Fraud
This survey brought to light that payment fraud is a much more severe problem than is being addressed. Organizations that ignore the risks of payment fraud do so at their peril.
Common Risks and Fraud Scenarios
Vendor & Executive Impersonation
Impersonation tactics are used to deceive organizations into fraudulent payments or divulging sensitive information. Business Email Compromise (BEC) is a common tactic where they impersonatevendors or key personnel to manipulate financial processes.
Third-Party Compromise
Occurs when an organization’s vendor or supplier is hacked, leading to the manipulation of billing details or bank accounts, potentially resulting in fraudulent transactions.
Account Takeover
Happens when an attacker gains unauthorized access to a corporate bank account belonging to a legitimate finance individual, often using stolen or compromised credentials, to make unauthorized transactions or divert funds.
Malicious Insider/ User Entitlement Fraud
Impersonation tactics are used to deceive organizations into fraudulent payments or divulging sensitive information. Business Email Compromise (BEC) is a common tactic where they impersonatevendors or key personnel to manipulate financial processes.
Sanctioned Entities
Payments made to sanctioned entities, resulting in potential legal repercussions, financial losses, and reputational damage.
Systems & Human Error
Although not fraud, these unintentional errors can cause identical financial losses. This includes instances where someone inputs incorrect information or payment files become corrupted, leading to discrepancies or erroneous transactions.
Industries Surveyed
The summary presented here pertains to a research survey on payment fraud, which was carried out by the Ponemon Institute. Participants consisted of 659 executives from a range of finance governance roles across 18 industries.
Finacial Services
Services
Public Sector
Manufacturing
Retailing
Energy & Utilities
Hospitality
Communications
Pharmaceuticals
Transportation
Healthcare
Industrial
Defense
Education
Consumer Products
Tech
Entertainment
Agriculture
The Devastating Aftermath of Fraud
Transaction fraud not only affects the financial well-being of businesses, but it also damages their reputation, erodes public confidence, and can result in costly regulatory scrutiny. Additionally, recovering from fraud requires significant time and resources that could otherwise be allocated toward growing the business.
Tarnished Reputation
60%
report damage to organization’s reputation
46%
report loss of shareholders’ confidence
Loss of Trust
51%
suffered a negative impact on organization’s compliance with regulations
38%
noticied a loss of confidence in management’s ability to prevent payment transaction fraud
Additional Cost
27%
of organizations terminated employees responsible for making payments
19%
of organizations had to pay legal fines
Businesses Know the Risk
Finance teams of larger organizations deal with numerous transactions across ultiple bank accounts. Organizations represented in this research have average annual revenues of $446M, averaging 2,836 vendors on their supply chain with an average of 25,000 monthly payment volumes.
This complexity makes effective vendor management and payment security measures crucial. However, many surveyed financial teams lack trust in their existing risk mitigation practices and fail to take adequate action to guard against vulnerabilities despite being aware of the risks.
70%
Distrust their current internal controls to prevent fraudulent payments.
72%
Distrust their external controls at the bank to stop suspicious transactions
Even After Experiencing Fraud
60%
Do not audit their bank account permissions ever
49%
Do not have proper insurance to cover transaction fraud
21%
Take legal action to recover funds
Could Technology be the Solution?
The survey revealed that more than half of all respondents acknowledge they lack the appropriate tools or technology to prevent various forms of payment fraud. Further findings indicate that tech upgrades were one of the most frequently employed strategies in response to instances of payment fraud.
54%
View inadequate tools as a primary barrier to fraud prevention.
63%
Invest tech upgrades following fraud discovery.
Modern Scams Need Modern Solutions
Master Vendor Alignment
Bank Account Validation
